Hong Kong’s Hospital Authority announced Monday it has set up a task force on patient data security, in a move that came after several cases of data loss were reported due to missing electronic devices in the recent months.
“They offer a personalised user experience that allows users to easily gather and aggregate information onto their browser, whether it is iGoogle, Facebook, MySpace or Yahoo” Lavenda explained. And the problem, he went on, is that by offering totally unfettered access there lies a real risk to companies. In fact, there lies a host of real risks: data theft, information leakage and liability for information misuse to name but three. And the reason for the risks being so high and so obvious to anyone who looks is simply that the kind of Web 2.0 services we see infiltrating the workplace were never actually intended for corporate usage. They are consumer creations through and through, and we all know what happens when you mix consumer services with corporate usage: you get a highly volatile solution to a problem that never even existed.”
An MP has revealed that over 600 staff at HM Revenue & Customs have been
disciplined for snooping on tax payers’ personal histories.
The technologies we think are the center of data loss prevention are:
* Anti Data Leakage (sniff/crack/grep-awk-regex/shout-block
* Disk encryption
* Database transaction monitoring Port and device control
Last week, the police revealed that several former managers, including the former president of broadband operator Hanaro Telecom allegedly sold the private information, including resident registration and phone numbers, of some 6 million users to telemarketing companies over the past two years.
Findings:
– External proxies that IT does not support, such as CGIProxy and KProxy, were present in 80 percent of the customer networks
– Web-based file transfer and storage applications such as YouSendIt and MediaMax were detected in 30 percent of sites
– Over 50 percent of applications using port 80 (the default port number for a web server) were not business related
– Google applications were found in 60 percent of the sites using port 80
– Web video and streaming audio consumed significant bandwidth on 100 percent and 95 percent of the sites sampled, respectively
– Peer-to-peer file sharing applications were found on 90 percent of the sites
Associated risks include:
– Data loss through unmonitored and/or unauthorized file transfers
– Compliance violations, both with internal policies and external regulations
– Business exposure from malware propagation or application vulnerability exploits
– Operational cost increases due to higher bandwidth consumption and added IT expense
– Lost productivity from excessive use of personal applications
“Enterprise content is just too volatile for static tags to really represent its value.”
Useful for our ILDP purposes, but may take a while to commercialise though.
“This is especially true because most enterprises align their security decisions based on the IP address information of users instead of their identities. Working with the a lack of user identity information, most enterprises deploy a strict common security policy for access to network
resources. But such blanket policies restrict business flexibility and productivity among users, forcing them to compromise on efficiency of their duties. Thus, enterprises need to balance network security with business flexibility to allow users to perform optimally in a secure network environment.”